RE: [ActiveDir] Child domain login.

[joe]

Yeah let me correct something I said down below as I was obviously on crack.... I ran out the door after this and the other group posting and came back to a note from Dean letting me know I was smoking something that he sent within seconds of me sending out this mistake... I think he gets notes from this list that are from me with screwups delivered to a special paging mailbox or something...   No mode of the domain will allow you to add a user from another domain to a global group. I had just responded to an email about adding child admins to the Enterprise Admins group and how come that wasn't working and my mind got stuck there I guess. Anyway there used to be a bug where you could sneak in other domain members into GGs via group nesting. At least if you manually chased the group memberships it would look like someone from another domain was in a global group but it wouldn't work properly. They fixed that possibility in SP2.   You can't add Uni's to globals. You can only add globals and users from the same domain to globals.   I am curious when you say the UPN worked... What exactly is the error message when trying to log on? I assumed it was the old you don't have rights to logon interactively error.     joe     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Hogenauer Sent: Friday, June 04, 2004 6:40 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Child domain login. All domains are in Native mode, I have created (to test my problem) a global group in the root Domain and nested it in a Universal Group in the root domain. I then placed the Universal group in a global group and a DL group in the child domain. Still no login with root account, except for using a UPN [EMAIL PROTECTED] that did let me in...   Mike -----Original Message----- From: joe [mailto:[EMAIL PROTECTED] Sent: Friday, June 04, 2004 1:44 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Child domain login. Are your domains in Native Mode?[Mike Hogenauer]    If not, you will not be able to add a userid from the root domain to the child domain's domain admins.     joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Hogenauer Sent: Friday, June 04, 2004 1:48 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Child domain login. So I created a child domain to my root domain, my account is in the Enterprise admin’s group.   The install of the child domain completed successfully and I can login to that domain with an account local to that domain, also when I select a domain from the domain list it sees my Forest root and child domain but I cannot login to my child domain with my account.   I’m running windows 2000, the root domain hosts all DNS, there are no DNS servers in the Child domain, and they all point to the root domain for DNS. I tried to add my account to a local group in the child domain but I can’t pull back a list of users.   Thanks in advance for any help!!!   Mike